Severity: High

 

Summary: Tableau Server and Tableau Desktop include an outdated, vulnerable version of libtiff, a third-party dynamic link library.

Impact: The outdated version contains buffer overflows and other vulnerabilities that could be exploited to cause denial of service or remote code execution.

 

Vulnerable Versions: 8.3 (through 8.3.19), 9.0 (through 9.0.22), 9.1 (through 9.1.19), 9.2 (through 9.2.18), 9.3 (through 9.3.15), 10.0 (through 10.0.10), 10.1 (through 10.1.8), 10.2 (through 10.2.2).

 

Resolution: The issue can be fixed by upgrading to the following Tableau Server and Tableau Desktop versions:

Tableau Server, Tableau Desktop: 8.3.20

Tableau Server, Tableau Desktop: 9.0.23

Tableau Server, Tableau Desktop: 9.1.20

Tableau Server, Tableau Desktop: 9.2.19

Tableau Server, Tableau Desktop: 9.3.16

Tableau Server, Tableau Desktop: 10.0.11

Tableau Server, Tableau Desktop: 10.1.9

Tableau Server, Tableau Desktop: 10.2.3
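
The version ranges above can be checked against an installed-software inventory. The following is an added example, not part of the original advisory and not Tableau tooling; the function names are hypothetical and the inventory rows and hostnames are constructed. Branches the advisory does not list are reported as such rather than guessed.

```python
import re

# Last vulnerable maintenance release per branch, from "Vulnerable Versions".
# In every listed branch the fixed release is that number plus one.
LAST_VULNERABLE = {
    (8, 3): 19, (9, 0): 22, (9, 1): 19, (9, 2): 18,
    (9, 3): 15, (10, 0): 10, (10, 1): 8, (10, 2): 2,
}
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*$")


def triage(version):
    """Return (status, fixed_version) for 'major.minor[.maintenance]'."""
    m = VERSION_RE.match(version)
    if not m:
        return ("unparseable", None)
    branch = (int(m.group(1)), int(m.group(2)))
    maint = int(m.group(3) or 0)  # "10.2" is treated as 10.2.0
    if branch not in LAST_VULNERABLE:
        # The advisory says nothing about this branch; do not guess.
        return ("not-listed", None)
    last = LAST_VULNERABLE[branch]
    fixed = "%d.%d.%d" % (branch + (last + 1,))
    return ("vulnerable" if maint <= last else "fixed", fixed)


def triage_inventory(rows):
    """rows: (host, product, version). Returns the rows that need attention."""
    findings = []
    for host, product, version in rows:
        status, fixed = triage(version)
        if status != "fixed":
            findings.append((host, product, version, status, fixed))
    return findings


# Constructed sample inventory (hostnames are made up).
SAMPLE = [
    ("bi-srv-01", "Tableau Server", "10.2.2"),
    ("bi-srv-02", "Tableau Server", "10.2.3"),
    ("desk-114", "Tableau Desktop", "9.3.9"),
    ("desk-207", "Tableau Desktop", "10.3.1"),
    ("desk-300", "Tableau Desktop", "n/a"),
]

if __name__ == "__main__":
    for row in triage_inventory(SAMPLE):
        print(row)
```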

 

More Information: The following vulnerabilities are resolved with the latest upgrade:

CVE-2016-9535

CVE-2015-7554

CVE-2016-8331

CVE-2016-6223

CVE-2016-9448

CVE-2016-5323

CVE-2016-9297

CVE-2016-5315

CVE-2016-5317

CVE-2016-5321

CVE-2016-5318

CVE-2016-9273

CVE-2015-8683

CVE-2015-8665

CVE-2015-1547

CVE-2014-9655

See https://cve.mitre.org/index.html for an index of CVEs.